CVE-2007-6166

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control
http://www.kb.cert.org/vuls/id/659761	US Government Resource
http://www.securityfocus.com/bid/26549
http://www.securitytracker.com/id?1018989
http://secunia.com/advisories/27755	Vendor Advisory
http://docs.info.apple.com/article.html?artnum=307176
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html
http://www.us-cert.gov/cas/techalerts/TA07-334A.html	US Government Resource
http://www.securityfocus.com/bid/26560
http://security.gentoo.org/glsa/glsa-200803-08.xml
http://secunia.com/advisories/29182	Vendor Advisory
http://securityreason.com/securityalert/3410
http://www.vupen.com/english/advisories/2007/3984	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/38604
https://www.exploit-db.com/exploits/6013
https://www.exploit-db.com/exploits/4648

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:apple:quicktime:7.0.1:::::::*
	cpe:2.3:a:apple:quicktime:6.5.1:::::::*
	cpe:2.3:a:apple:quicktime:5.0:::::::*
	cpe:2.3:a:apple:quicktime:6.0:::::::*
	cpe:2.3:a:apple:quicktime:7.1.4:::::::*
	cpe:2.3:a:apple:quicktime:3.0:::::::*
	cpe:2.3:a:apple:quicktime:7.0.4:::::::*
	cpe:2.3:a:apple:quicktime:7.1.1:::::::*
	cpe:2.3:a:apple:quicktime:7.0.3:::::::*
	cpe:2.3:a:apple:quicktime:7.1.2:::::::*
	cpe:2.3:a:apple:quicktime::::::::
	cpe:2.3:a:apple:quicktime:7.1.5:::::::*
	cpe:2.3:a:apple:quicktime:7.0:::::::*
	cpe:2.3:a:apple:quicktime:7.1.6:::::::*
	cpe:2.3:a:apple:quicktime:4.1.2:::::::*
	cpe:2.3:a:apple:quicktime:5.0.2:::::::*
	cpe:2.3:a:apple:quicktime:7.0.2:::::::*
	cpe:2.3:a:apple:quicktime:5.0.1:::::::*
	cpe:2.3:a:apple:quicktime:6.1:::::::*
	cpe:2.3:a:apple:quicktime:6.5:::::::*
	cpe:2.3:a:apple:quicktime:7.1:::::::*
	cpe:2.3:a:apple:quicktime:6.5.2:::::::*
	cpe:2.3:a:apple:quicktime:7.1.3:::::::*
	cpe:2.3:a:apple:quicktime:7.2:::::::*
	cpe:2.3:a:apple:quicktime:-:::::::*

OR	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:10.5.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.7:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.4.9:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.8:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.0:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.3.9:::::::*

Information

Published : 2007-11-28 17:46

Updated : 2018-10-30 09:25

NVD link : CVE-2007-6166

Mitre link : CVE-2007-6166

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

microsoft

windows_vista
windows_xp

apple

safari
mac_os_x
quicktime

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control", "name": "http://www.beskerming.com/security/2007/11/25/74/QuickTime_-_Remote_hacker_automatic_control", "tags": [], "refsource": "MISC"}, {"url": "http://www.kb.cert.org/vuls/id/659761", "name": "VU#659761", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/26549", "name": "26549", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018989", "name": "1018989", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/27755", "name": "27755", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://docs.info.apple.com/article.html?artnum=307176", "name": "http://docs.info.apple.com/article.html?artnum=307176", "tags": [], "refsource": "MISC"}, {"url": "http://lists.apple.com/archives/Security-announce/2007/Dec/msg00000.html", "name": "APPLE-SA-2007-12-13", "tags": [], "refsource": "APPLE"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-334A.html", "name": "TA07-334A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://www.securityfocus.com/bid/26560", "name": "26560", "tags": [], "refsource": "BID"}, {"url": "http://security.gentoo.org/glsa/glsa-200803-08.xml", "name": "GLSA-200803-08", "tags": [], "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/29182", "name": "29182", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/3410", "name": "3410", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2007/3984", "name": "ADV-2007-3984", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38604", "name": "quicktime-rtsp-contenttype-bo(38604)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/6013", "name": "6013", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "https://www.exploit-db.com/exploits/4648", "name": "4648", "tags": [], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-6166", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2007-11-29T01:46Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.3"}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:5.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:6.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:quicktime:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-30T16:25Z"}

9.3 /10